Tuesday, February 12, 2019

Cyber Criminals Conducting Successful Spearphishing Campaigns Against Students at Multiple Universities

US federal authorities have identified successful spearphishing campaigns directed at college and university students, especially during periods when financial aid funds are disbursed in large volumes. In general, the spearphishing emails request students’ login credentials for the university’s intranet. The cyber criminals capture these credentials and, after gaining access, change the students’ direct deposit destination to bank accounts within the threat actor’s control.

To read the full article and find an archive of related reporting, follow this link to READBOARD.

WWW.WAPACKLABS.COM

Wapack Labs Sinkhole Blacklist

TLP AMBER ANNOUNCEMENT:
Reporting Period: February 11, 2019

Wapack Labs identified connections from 53,521 new unique IP addresses, which are checking in with one of the many Wapack Labs sinkhole domains.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com
Action recommendation: Users should immediately place each of these IP addresses in a monitor or block status in intrusion prevention systems. 

This TLP AMBER report is available only to Red Sky Alliance members.

Monday, February 4, 2019

New Exploit Threatens Over 9,000 Hackable Cisco RV320/RV325 Routers Worldwide

Cyber attackers have actively been exploiting two newly patched high-severity router vulnerabilities after a security researcher released their proof-of-concept exploit code on the Internet last weekend. 

To read the full article and find an archive of related reporting, follow this link to READBOARD.

Wapack Labs Keylogger Blacklist

TLP AMBER ANNOUNCEMENT:
Compromised Email Accounts
Reporting Period: February 4, 2019 

On 4 February 2019, Wapack Labs identified 392 unique email accounts compromised with keyloggers and used to log into mostly personal accounts and organizations. Attackers may be able to access not only email addresses but also financial, social media and other data.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com 

Action recommendation: Users should immediately place each of these email accounts in a block status in intrusion prevention systems. 

Wapack Labs Sinkhole Blacklist

TLP AMBER ANNOUNCEMENT:   
Reporting Period: February 4, 2019

Wapack Labs identified connections from 76,207 new unique IP addresses, which are checking in with one of the many Wapack Labs sinkhole domains.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com
Action recommendation: Users should immediately place each of these IP addresses in a monitor or block status in intrusion prevention systems. 

This TLP AMBER report is available only to Red Sky Alliance members.

Wednesday, January 30, 2019

Chinese Tech Giant Tencent and its Relationship with the Chinese Government

China’s Tencent Games is the developer of the mobile version of PlayerUnknown’s Battlegrounds, a vastly popular game that Wapack Labs has identified as being used to create botnets for conducting industrial fraud. This report examines the relationship between Tencent and the Chinese government to explore the question of whether Tencent is a witting participant in this activity or being used by malicious actors in the government.

To read the full article and find an archive of related reporting, follow this link to READBOARD.

Wapack Labs Keylogger Blacklist

TLP AMBER ANNOUNCEMENT:
Compromised Email Accounts
Reporting Period: January 29, 2019 

On 29 January 2019, Wapack Labs identified 29 unique email accounts compromised with keyloggers and used to log into mostly personal accounts and organizations. Attackers may be able to access not only email addresses but also financial, social media and other data.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com 

Action recommendation: Users should immediately place each of these email accounts in a block status in intrusion prevention systems. 

Wapack Labs Sinkhole Blacklist

TLP AMBER ANNOUNCEMENT:   
Reporting Period: January 29, 2019

Wapack Labs identified connections from 75,041 new unique IP addresses, which are checking in with one of the many Wapack Labs sinkhole domains.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com
Action recommendation: Users should immediately place each of these IP addresses in a monitor or block status in intrusion prevention systems. 

This TLP AMBER report is available only to Red Sky Alliance members.

Monday, January 14, 2019

Wapack Labs Keylogger Blacklist

TLP AMBER ANNOUNCEMENT:
Compromised Email Accounts
Reporting Period: January 14, 2019 

On 14 January 2019, Wapack Labs identified 653 unique email accounts compromised with keyloggers and used to log into mostly personal accounts and organizations. Attackers may be able to access not only email addresses but also financial, social media and other data.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com 

Action recommendation: Users should immediately place each of these email accounts in a block status in intrusion prevention systems. 

Wapack Labs Sinkhole Blacklist

TLP AMBER ANNOUNCEMENT:   
Reporting Period: January 14, 2019

Wapack Labs identified connections from 52,449 new unique IP addresses, which are checking in with one of the many Wapack Labs sinkhole domains.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com
Action recommendation: Users should immediately place each of these IP addresses in a monitor or block status in intrusion prevention systems. 

This TLP AMBER report is available only to Red Sky Alliance members.

Cyber Criminals Likely Using IQY Files in Phishing Campaigns

US federal authorities assess that cybercriminals are likely using Internet query (IQY) files in phishing campaign emails targeting US businesses, indicating a new tactic, technique, and procedure (TTP). Historically, most cybercriminal phishing campaigns used embedded macros or executables to run malicious code. An IQY attachment contains no embedded malicious code, only a simple web URL as its payload, so the malicious email has a higher chance of circumventing computer network and email filters.

To read the full article and find an archive of related reporting, follow this link to READBOARD.

Wednesday, January 9, 2019

Wapack Labs Keylogger Blacklist

TLP AMBER ANNOUNCEMENT:
Compromised Email Accounts
Reporting Period: January 7, 2019 

On 7 January 2018, Wapack Labs identified 187 unique email accounts compromised with keyloggers and used to log into mostly personal accounts and organizations. Attackers may be able to access not only email addresses but also financial, social media and other data.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com 

Action recommendation: Users should immediately place each of these email accounts in a block status in intrusion prevention systems. 

Wapack Labs Sinkhole Blacklist

TLP AMBER ANNOUNCEMENT:   
Reporting Period: January 7, 2019

Wapack Labs identified connections from 51,866 new unique IP addresses, which are checking in with one of the many Wapack Labs sinkhole domains.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com
Action recommendation: Users should immediately place each of these IP addresses in a monitor or block status in intrusion prevention systems. 

This TLP AMBER report is available only to Red Sky Alliance members.

Sunday, December 30, 2018

Huawei Arrest: Chinese Government and Media Spin

Meng Wanzhou, the CFO of Huawei Industries, arrested.

Huawei has worked hard against the Western narrative that it is somehow an agent of the Chinese government or its intelligence services. In this instance, the Chinese government has leapt to its defense. However, the seriousness of the Chinese government response to Meng’s arrest appears to reflect their defense of Huawei as a premier Chinese industry rather than as a government entity.

To read the full article and find an archive of related reporting, follow this link to READBOARD.

Wapack Labs Keylogger Blacklist

TLP AMBER ANNOUNCEMENT:
Compromised Email Accounts
Reporting Period: December 28, 2018 

On 28 December 2018, Wapack Labs identified 16 unique email accounts compromised with keyloggers and used to log into mostly personal accounts and organizations. Attackers may be able to access not only email addresses but also financial, social media and other data.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com 

Action recommendation: Users should immediately place each of these email accounts in a block status in intrusion prevention systems.